fbe729ed6a81d14115819045c7bd3e55_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

fbe729ed6a81d14115819045c7bd3e55_JaffaCakes118
Size

324KB
MD5

fbe729ed6a81d14115819045c7bd3e55
SHA1

6d8df2cda493cd4a9d5f2f0f9a5aa41f3534aa42
SHA256

4b0d736e08ce01f2bd1557cba5a696ad24c808971c7d4aad60f342af0e44a160
SHA512

30f600404840eb3836cc068e3502268f576b7f6542b9bfddd169b676584484a3daf5a8a0b718e6c74da47017bb913c6bc043d09f65b91158b04a60d466bd0ba3
SSDEEP

6144:2/ZR8w7UilElXGTOx7H8s5aAIHim7eqzAc1:+R8W7Kl0OxV5rIHJeqzAw

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
fbe729ed6a81d14115819045c7bd3e55_JaffaCakes118

Files

fbe729ed6a81d14115819045c7bd3e55_JaffaCakes118
.dll regsvr32 windows:5 windows x86 arch:x86

28842d193d105d6478755fb0fb4e4a6e

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

msdaora.pdb

Imports

msvcrt

_itow
_wtoi
wcsstr
bsearch
towlower
_ftol
towupper
wcschr
realloc
_wcsnicmp
swprintf
wcscpy
wcslen
wcsncpy
wcsncmp
_wcsicmp
free
_except_handler3
wcscmp
wcscat
_endthreadex
_beginthreadex
_initterm
_adjust_fdiv
_purecall
malloc
_ltow

msdatl3

?GetValLong@CUtlProps2@@QBEJKK@Z
?GetValBool@CUtlProps2@@QBEFKK@Z
?SetPropValue@CUtlProps2@@QAEJPBU_GUID@@KPAUtagVARIANT@@@Z
?SetUPropSetCount@CUtlProps2@@QAEXK@Z
?FillDefaultValues@CUtlProps2@@QAEJK@Z
?GetUPropSetCount@CUtlProps2@@QAEKXZ
?CompareDBIDs@@YAJPBUtagDBID@@0@Z
?GetBuffer@CWString@@QAEPAGH@Z
??4CWString@@QAEABV0@PBE@Z
??ACWString@@QBEGH@Z
??YCWString@@QAEABV0@ABV0@@Z
?Mid@CWString@@QBE?AV1@HH@Z
??0CUtlPropInfo@@QAE@XZ
?SetValString@CUtlProps2@@QAEJKKPBG@Z
?GetValShort@CUtlProps2@@QBEFKK@Z
??1CUtlPropInfo@@UAE@XZ
?FInit@CUtlPropInfo@@QAEJXZ
?GetPropertyInfo@CUtlPropInfo@@QAEJKQBUtagDBPROPIDSET@@PAKPAPAUtagDBPROPINFOSET@@PAPAG@Z
??0CWString@@QAE@PBG@Z
??YCWString@@QAEABV0@G@Z
?IsEmpty@CUtlProps2@@QAEHKK@Z
?GetValString@CUtlProps2@@QAEPBGKK@Z
?W95LoadString@@YAHPAXIPAGH@Z
?W95LoadLibraryEx@@YAPAXPBGPAXK@Z
??0CWString@@QAE@PBE@Z
??0CWString@@QAE@PBD@Z
?LoadResourceDLL@@YAJPAG0PAXPAPAX@Z
?OnUnicodeSystem@@YAHXZ
?RegisterServer@@YAJQAX0KQBUtagREGENTRIES@@@Z
??4CWString@@QAEABV0@PBD@Z
?UnRegisterServer@@YAJQAXKQBUtagREGENTRIES@@@Z
?SetCombinedPassThrough@CUtlProps2@@UAEJPBUtagDBPROPSET@@K@Z
??1CSlotListShort@@UAE@XZ
??0CSlotListShort@@QAE@XZ
??0CVLHeap@@QAE@XZ
?FInit@CVLHeap@@QAEHK@Z
?FInit@CSlotListShort@@UAEHKPAPAVISlotList@@PAPAVIHashTbl@@K@Z
?GetNextSlots@CSlotListShort@@UAGJKKPAK@Z
?ReleaseSlots@CSlotListShort@@UAGKKK@Z
?NoBusySlots@CSlotListShort@@UAGJXZ
?GetRowBuff@CSlotListShort@@UAIPAUtagRowBuff@@K@Z
?IsValidSlot@CSlotListShort@@UAGJK@Z
?RecordInternalUse@CSlotListShort@@UAGXXZ
?ResetBusySlotIteration@CSlotListShort@@UAGXXZ
?NextBusySlot@CSlotListShort@@UAGJPAK@Z
??1CExtBuffer@@QAE@XZ
?CountOfBusySlots@CSlotListShort@@UAGKXZ
?SLSlotCapacity@CSlotListShort@@UAGKXZ
??1CVLHeap@@QAE@XZ
?VLAlloc@CVLHeap@@QAGPAXK@Z
?VLTrueRealloc@CVLHeap@@QAGPAXPAXK@Z
?VLFree@CVLHeap@@QAGXPAX@Z
?SetPropertyInError@CUtlProps2@@QAEXKK@Z
?GetPropOption@CUtlProps2@@QAEKKK@Z
?SetStatus@CUtlProps2@@QAEXKKK@Z
?ClearPropertyInError@CUtlProps2@@QAEXXZ
?GetPropsInErrorPtr@CUtlProps2@@QAEPAKXZ
?CopyPropsInError@CUtlProps2@@QAEXPAK@Z
??1CUtlProps2@@UAE@XZ
?SetPropertiesArgChk@CUtlProps2@@SAJKQBUtagDBPROPSET@@@Z
?SetProperties@CUtlProps2@@QAEJKQBUtagDBPROPSET@@H@Z
?GetPropertiesArgChk@CUtlProps2@@QAEJKQBUtagDBPROPIDSET@@PAKPAPAUtagDBPROPSET@@@Z
?GetProperties@CUtlProps2@@QAEJKQBUtagDBPROPIDSET@@PAKPAPAUtagDBPROPSET@@@Z
??4CWString@@QAEABV0@ABV0@@Z
??0CWString@@QAE@XZ
??4CWString@@QAEABV0@PBG@Z
?ReplaceAt@CWString@@QAEXHHPBGH@Z
?IsEmpty@CWString@@QBEHXZ
?Empty@CWString@@QAEXXZ
?ConcatInPlace@CWString@@QAEXHPBG@Z
??YCWString@@QAEABV0@PBG@Z
?OLEDBGetCharTypeW@@YAHKGPAG@Z
??0CUtlProps2@@QAE@K@Z
?GetUPropValIndex@CUtlProps2@@MAEKKK@Z
?FInit@CUtlProps2@@UAEJPAV1@@Z
?GetIndexofPropSet@CUtlProps2@@UAEJPBU_GUID@@PAK@Z
?GetIndexofPropIdinPropSet@CUtlProps2@@UAEJKKPAK@Z
?SetPassThrough@CUtlProps2@@UAEJPBUtagDBPROPSET@@@Z
?ConflictsWithCurrent@CUtlProps2@@UAEHKKABUtagVARIANT@@@Z
?FIsValidColId@CUtlProps2@@UAEHPAUtagDBPROP@@@Z
??1CBitArray@@QAE@XZ
?GetDWORDOfExtBuffer@CExtBuffer@@QAGKK@Z
?GetLastItemHandle@CExtBuffer@@QAGXAAK@Z
?GetItemOfExtBuffer@CExtBuffer@@QAGXKPAX@Z
?InsertIntoExtBuffer@CExtBuffer@@QAGJPAXAAK@Z
?SetSlot@CBitArray@@QAGJK@Z
?IsSlotSet@CBitArray@@QAGJK@Z
?ResetAllSlots@CBitArray@@QAGXXZ
?DeleteFromExtBuffer@CExtBuffer@@QAGXK@Z
?FInit@CBitArray@@QAGJK@Z
??0CBitArray@@QAE@XZ
?FInit@CExtBuffer@@QAEHKPAXKK@Z
??0CExtBuffer@@QAE@XZ
??BCWString@@QBEPBGXZ
?GetLength@CWString@@QBEHXZ
??1CWString@@QAE@XZ
?FoundError@CWString@@QBEHXZ
??0CWString@@QAE@ABV0@@Z

msdart

MpGetHeapHandle
FXMemAttach
FXMemDetach
MPDeleteCriticalSection
MPInitializeCriticalSection
UMSEnterCSWraper
MpHeapFree
MpHeapAlloc

kernel32

LoadLibraryA
CompareStringW
CompareStringA
IsDBCSLeadByte
GetModuleFileNameA
HeapDestroy
lstrlenA
GetLastError
GetUserDefaultLCID
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
GetSystemTimeAsFileTime
GetCurrentProcessId
GetTickCount
QueryPerformanceCounter
CreateEventA
ResetEvent
CloseHandle
WideCharToMultiByte
GetCurrentThreadId
SetEvent
WaitForSingleObject
GetProcAddress
GetVersion
FreeLibrary
InterlockedCompareExchange
Sleep
InterlockedExchange
GetVersionExW
VirtualQuery
GetSystemInfo
VirtualAlloc
VirtualProtect
MultiByteToWideChar
InterlockedDecrement
InterlockedIncrement
LeaveCriticalSection

user32

PeekMessageW
TranslateMessage
DispatchMessageW
GetWindowLongA
GetWindowLongW
SetWindowLongA
SetWindowLongW
GetDlgItemTextA
GetDlgItemTextW
SetWindowTextW
EndDialog
SetDlgItemTextA
SetDlgItemTextW
DialogBoxParamA
CharUpperBuffW
CharUpperBuffA
GetCursor
SetCursor
DialogBoxParamW
MsgWaitForMultipleObjects

advapi32

RegSetValueExA
RegQueryValueExA
RegOpenKeyExA
RegCloseKey

ole32

CoCreateInstance
CoGetClassObject
CoGetMalloc

oleaut32

GetErrorInfo
SetErrorInfo
SysFreeString
VarBstrFromR8
VarBstrFromR4
VariantClear
SysAllocString
VariantInit
VariantCopy

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 200KB - Virtual size: 197KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 100KB - Virtual size: 98KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 12KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

28842d193d105d6478755fb0fb4e4a6e

Headers

File Characteristics

PDB Paths

Imports

msvcrt

msdatl3

msdart

kernel32

user32

advapi32

ole32

oleaut32

Exports

Exports

Sections

.text Size: 200KB - Virtual size: 197KB

.data Size: 8KB - Virtual size: 6KB

.rsrc Size: 100KB - Virtual size: 98KB

.reloc Size: 12KB - Virtual size: 10KB

.text
Size: 200KB - Virtual size: 197KB

.data
Size: 8KB - Virtual size: 6KB

.rsrc
Size: 100KB - Virtual size: 98KB

.reloc
Size: 12KB - Virtual size: 10KB